Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- user nginx;
- worker_processes auto;
- worker_shutdown_timeout 20s;
- daemon off;
- error_log /var/log/nginx/error.log warn;
- pid /var/run/nginx.pid;
- events {
- worker_connections 1024;
- }
- http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
- tcp_nopush on;
- tcp_nodelay on;
- proxy_send_timeout 20m;
- keepalive_requests 100;
- reset_timedout_connection on;
- gzip on;
- gzip_types text/css application/x-javascript application/javascript text/javascript text/plain;
- gzip_comp_level 6;
- gzip_min_length 100;
- gzip_http_version 1.0;
- gzip_proxied any;
- gzip_disable "msie6";
- gzip_vary on;
- ssl_session_cache shared:SSL:50m;
- ssl_session_timeout 30m;
- ssl_buffer_size 4k;
- ssl_session_tickets off;
- proxy_next_upstream error invalid_header timeout http_502 http_503 http_504;
- log_format main '{' '"time_local": "$time_local", ' '"remote_addr": "$remote_addr", ' '"remote_user": "$remote_user", ' '"upstream_addr": "$upstream_addr", ' '"upstream_response_time": "$upstream_response_time", ' '"host": "$host", ' '"request": "$request", ' '"status": "$status", ' '"body_bytes_sent": "$body_bytes_sent", ' '"http_referer": "$http_referer", ' '"http_x_forwarded_for": "$http_x_forwarded_for", ' '"http_user_agent": "$http_user_agent" ' '}';
- access_log /var/log/nginx/access.log main;
- sendfile on;
- keepalive_timeout 65;
- server_names_hash_max_size 32768;
- server_names_hash_bucket_size 128;
- map $http_upgrade $connection_upgrade {
- default upgrade;
- '' close;
- }
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4";
- ssl_prefer_server_ciphers on;
- ssl_dhparam /etc/nginx/secrets/dhparam.pem;
- server {
- listen 80 default_server;
- listen 443 ssl default_server http2;
- ssl_certificate /etc/nginx/secrets/default;
- ssl_certificate_key /etc/nginx/secrets/default;
- server_name _;
- server_tokens "off";
- access_log off;
- location / {
- return 404;
- }
- }
- include /etc/nginx/conf.d/*.conf;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement